CVE Daily
← All tags

Tag: Microsoft Exchange

All CVEs associated with "Microsoft Exchange". Page 1/3 • 250 CVEs.

About “Microsoft Exchange”

A curated feed of “Microsoft Exchange”-related CVEs appears below. We currently track 250 CVEs for this tag (all time). In the last 365 days, 13 were published. Average CVSS is 6.8 (all time; 7.2 over 365d), and 53% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-20 - Improper Input Validation, CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-918 - Server-Side Request Forgery (SSRF).

In our taxonomy this topic maps to a LOW impact class. Mail servers and webmail risk credential theft and data exposure. Patch MTA or IMAP, enforce TLS and auth, lock down admin consoles, and validate anti spam or AV. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: msexchange

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

CycleReleaseLatestPremier SupportEOLLTS
subscription15.2.2562.41Unavailable-
201915.2.1748.43 Expired
201615.1.2507.66 Expired
201315.0.1497.48 Expired
201014.3.513.0 Expired
20078.3.517.0 Expired
20036.5.7654.4 Expired
20006.0.6620.7 Expired
5.55.5.2653 Expired
5.05.0.1460 Expired
4.04.0.996Unavailable- Expired

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS  ·  RSS (expired)  ·  ICS

Subscribe CVEs: RSS for “Microsoft Exchange”  ·  RSS (High+Critical only)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2026-05-14
High

CVE-2026-42897

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

CVSS: 8.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2026-03-19
Critical

CVE-2026-26137

Server-side request forgery (ssrf) in Microsoft Exchange allows an authorized attacker to elevate privileges over a network.

CVSS: 9.9 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
2026-03-02
High

CVE-2025-58107

In Microsoft Exchange through 2019, Exchange ActiveSync (EAS) configurations on on-premises servers may transmit sensitive data from Samsung mobile devices in cleartext, including the user's name, e-…

CVSS: 7.5 CWE: CWE-319 - Cleartext Transmission of Sensitive Information View on NVD
2026-02-10
Medium

CVE-2026-21527

User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

CVSS: 6.5 CWE: CWE-345 - Insufficient Verification of Data Authenticity View on NVD
2025-12-09
Medium

CVE-2025-64667

User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

CVSS: 5.3 CWE: CWE-451 - User Interface (UI) Misrepresentation of Critical Information View on NVD
High

CVE-2025-64666

Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
2025-10-14
High

CVE-2025-59249

Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.

CVSS: 8.8 CWE: CWE-1390 - Weak Authentication View on NVD
High

CVE-2025-59248

Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2025-53782

Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally.

CVSS: 8.4 CWE: CWE-303 - Incorrect Implementation of Authentication Algorithm View on NVD
2025-08-12
High

CVE-2025-33051

Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network.

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2025-25007

Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

CVSS: 5.3 CWE: CWE-1286 - Improper Validation of Syntactic Correctness of Input View on NVD
Medium

CVE-2025-25006

Improper handling of additional special element in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

CVSS: 5.3 CWE: CWE-167 - Improper Handling of Additional Special Element View on NVD
Medium

CVE-2025-25005

Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network.

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
2024-11-12
High

CVE-2024-49040

Microsoft Exchange Server Spoofing Vulnerability

CVSS: 7.5 CWE: CWE-451 - User Interface (UI) Misrepresentation of Critical Information View on NVD
2024-03-12
High

CVE-2024-26198

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-426 - Untrusted Search Path View on NVD
2024-02-13
Critical

CVE-2024-21410

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS: 9.8 CWE: CWE-287 - Improper Authentication View on NVD
2023-11-14
High

CVE-2023-36439

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.0 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2023-36050

Microsoft Exchange Server Spoofing Vulnerability

CVSS: 8.0 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2023-36039

Microsoft Exchange Server Spoofing Vulnerability

CVSS: 8.0 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2023-36035

Microsoft Exchange Server Spoofing Vulnerability

CVSS: 8.0 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2023-10-10
High

CVE-2023-36778

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.0 CWE: CWE-426 - Untrusted Search Path View on NVD
2023-09-12
Medium

CVE-2023-36777

Microsoft Exchange Server Information Disclosure Vulnerability

CVSS: 5.7 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2023-36757

Microsoft Exchange Server Spoofing Vulnerability

CVSS: 8.0 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2023-36756

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.0 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2023-36745

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.0 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2023-36744

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.0 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2023-08-08
High

CVE-2023-38185

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-23 - Relative Path Traversal View on NVD
High

CVE-2023-38182

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.0 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2023-38181

Microsoft Exchange Server Spoofing Vulnerability

CVSS: 8.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2023-35388

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.0 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2023-35368

Microsoft Exchange Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-20 - Improper Input Validation View on NVD
Critical

CVE-2023-21709

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS: 9.8 CWE: CWE-307 - Improper Restriction of Excessive Authentication Attempts View on NVD
2023-06-14
High

CVE-2023-32031

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2023-28310

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.0 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2023-02-14
High

CVE-2023-21710

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 7.2 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2023-21707

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2023-21706

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2023-21529

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2023-01-10
High

CVE-2023-21764

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-426 - Untrusted Search Path View on NVD
High

CVE-2023-21763

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-426 - Untrusted Search Path View on NVD
High

CVE-2023-21762

Microsoft Exchange Server Spoofing Vulnerability

CVSS: 8.0 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2023-21761

Microsoft Exchange Server Information Disclosure Vulnerability

CVSS: 7.5 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
High

CVE-2023-21745

Microsoft Exchange Server Spoofing Vulnerability

CVSS: 8.0 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2022-11-09
High

CVE-2022-41123

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-41080

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2022-41079

Microsoft Exchange Server Spoofing Vulnerability

CVSS: 8.0 CWE: N/A View on NVD
High

CVE-2022-41078

Microsoft Exchange Server Spoofing Vulnerability

CVSS: 8.0 CWE: N/A View on NVD
2022-10-03
High

CVE-2022-41082

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.0 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2022-41040

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS: 8.8 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
2022-08-09
Medium

CVE-2022-34692

Microsoft Exchange Server Information Disclosure Vulnerability

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2022-30134

Microsoft Exchange Server Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2022-24516

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS: 8.0 CWE: N/A View on NVD
High

CVE-2022-24477

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS: 8.0 CWE: N/A View on NVD
High

CVE-2022-21980

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS: 8.0 CWE: N/A View on NVD
Medium

CVE-2022-21979

Microsoft Exchange Server Information Disclosure Vulnerability

CVSS: 4.8 CWE: N/A View on NVD
2022-05-11
High

CVE-2021-37851

Local privilege escalation in Windows products of ESET allows user who is logged into the system to exploit repair feature of the installer to run malicious code with higher privileges. This issue af…

CVSS: 7.3 CWE: CWE-280 - Improper Handling of Insufficient Permissions or Privileges View on NVD
2022-05-10
High

CVE-2022-21978

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2022-27167

Privilege escalation vulnerability in Windows products of ESET, spol. s r.o. allows attacker to exploit "Repair" and "Uninstall" features what may lead to arbitrary file deletion. This issue affects:…

CVSS: 7.1 CWE: CWE-280 - Improper Handling of Insufficient Permissions or Privileges View on NVD
2022-03-09
Medium

CVE-2022-24463

Microsoft Exchange Server Spoofing Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2022-23277

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: N/A View on NVD
2022-03-04
Medium

CVE-2022-26336

A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files (Microsoft Outlook and Microsoft Excha…

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD
2022-01-11
Critical

CVE-2022-21969

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 9.0 CWE: N/A View on NVD
Critical

CVE-2022-21855

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 9.0 CWE: N/A View on NVD
Critical

CVE-2022-21846

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 9.0 CWE: N/A View on NVD
2021-11-10
High

CVE-2021-42321

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: N/A View on NVD
Medium

CVE-2021-42305

Microsoft Exchange Server Spoofing Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2021-41349

Microsoft Exchange Server Spoofing Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
2021-10-13
Medium

CVE-2021-41350

Microsoft Exchange Server Spoofing Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2021-41348

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS: 8.0 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-34453

Microsoft Exchange Server Denial of Service Vulnerability

CVSS: 7.5 CWE: N/A View on NVD
Critical

CVE-2021-26427

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 9.0 CWE: N/A View on NVD
2021-07-14
Critical

CVE-2021-34523

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS: 9.0 CWE: N/A View on NVD
Critical

CVE-2021-34473

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 9.1 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
High

CVE-2021-34470

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS: 8.0 CWE: N/A View on NVD
High

CVE-2021-33768

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS: 8.0 CWE: N/A View on NVD
High

CVE-2021-33766

Microsoft Exchange Server Information Disclosure Vulnerability

CVSS: 7.3 CWE: N/A View on NVD
High

CVE-2021-31206

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 7.6 CWE: N/A View on NVD
High

CVE-2021-31196

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 7.2 CWE: N/A View on NVD
2021-05-11
Medium

CVE-2021-31209

Microsoft Exchange Server Spoofing Vulnerability

CVSS: 6.5 CWE: CWE-290 - Authentication Bypass by Spoofing View on NVD
Medium

CVE-2021-31207

Microsoft Exchange Server Security Feature Bypass Vulnerability

CVSS: 6.6 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD
High

CVE-2021-31198

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2021-31195

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 6.5 CWE: CWE-290 - Authentication Bypass by Spoofing View on NVD
2021-04-13
Critical

CVE-2021-28483

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 9.0 CWE: N/A View on NVD
High

CVE-2021-28482

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: N/A View on NVD
Critical

CVE-2021-28481

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 9.8 CWE: N/A View on NVD
Critical

CVE-2021-28480

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 9.8 CWE: N/A View on NVD
2021-03-03
Critical

CVE-2021-27078

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 9.1 CWE: N/A View on NVD
High

CVE-2021-27065

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2021-26858

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2021-26857

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
Critical

CVE-2021-26855

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 9.1 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
Medium

CVE-2021-26854

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 6.6 CWE: N/A View on NVD
Critical

CVE-2021-26412

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 9.1 CWE: N/A View on NVD
2021-02-25
Medium

CVE-2021-24085

Microsoft Exchange Server Spoofing Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2021-1730

<p>A spoofing vulnerability exists in Microsoft Exchange Server which could result in an attack that would allow a malicious actor to impersonate the user.</p> <p>This update addresses this vulnerabi…

CVSS: 5.4 CWE: N/A View on NVD
2021-01-26
Medium

CVE-2020-26941

A local (authenticated) low-privileged user can exploit a behavior in an ESET installer to achieve arbitrary file overwrite (deletion) of any file via a symlink, due to insecure permissions. The poss…

CVSS: 5.5 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2020-12-10
High

CVE-2020-17144

Microsoft Exchange Remote Code Execution Vulnerability

CVSS: 8.4 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2020-17143

Microsoft Exchange Server Information Disclosure Vulnerability

CVSS: 8.8 CWE: N/A View on NVD
Critical

CVE-2020-17142

Microsoft Exchange Remote Code Execution Vulnerability

CVSS: 9.1 CWE: N/A View on NVD
High

CVE-2020-17141

Microsoft Exchange Remote Code Execution Vulnerability

CVSS: 8.4 CWE: N/A View on NVD
Critical

CVE-2020-17132

Microsoft Exchange Remote Code Execution Vulnerability

CVSS: 9.1 CWE: N/A View on NVD
Medium

CVE-2020-17117

Microsoft Exchange Remote Code Execution Vulnerability

CVSS: 6.6 CWE: N/A View on NVD
2020-11-11
Medium

CVE-2020-17085

Microsoft Exchange Server Denial of Service Vulnerability

CVSS: 6.2 CWE: N/A View on NVD
High

CVE-2020-17084

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 8.5 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2020-17083

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 5.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2020-10-16
High

CVE-2020-16969

<p>An information disclosure vulnerability exists in how Microsoft Exchange validates tokens when handling certain messages. An attacker who successfully exploited the vulnerability could use this to…

CVSS: 7.1 CWE: N/A View on NVD
2020-10-08
Medium

CVE-2020-15646

If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunde…

CVSS: 5.9 CWE: N/A View on NVD
2020-09-11
High

CVE-2020-16875

<p>A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments.</p> <p>An attacker who successfully exploited the vulnerability could run…

CVSS: 8.4 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
2020-03-12
Medium

CVE-2020-0903

A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Ser…

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2020-02-24
Medium

CVE-2019-4703

IBM Spectrum Protect Plus 10.1.0 and 10.5.0, when protecting Microsoft SQL or Microsoft Exchange, could allow an attacker with intimate knowledge of the system to obtain highly sensitive information.

CVSS: 5.3 CWE: N/A View on NVD
2020-02-21
High

CVE-2012-6277

Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Syma…

CVSS: 7.8 CWE: N/A View on NVD
2020-02-11
High

CVE-2020-0692

An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'.

CVSS: 8.1 CWE: N/A View on NVD
High

CVE-2020-0688

A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.

CVSS: 8.8 CWE: CWE-287 - Improper Authentication View on NVD
2019-11-12
Critical

CVE-2019-1373

A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka 'Microsoft Exchange Remote Code Execution Vulnerability'.

CVSS: 9.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2019-09-11
Medium

CVE-2019-1266

A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web App (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'.

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2019-1233

A denial of service vulnerability exists in Microsoft Exchange Server software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Denial of Service Vulnerability'.

CVSS: 7.5 CWE: N/A View on NVD
2019-07-15
Medium

CVE-2019-1137

A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Ser…

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2019-1136

An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'.

CVSS: 8.1 CWE: N/A View on NVD
Medium

CVE-2019-1084

An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability…

CVSS: 6.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2019-04-09
Medium

CVE-2019-0858

A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. This CVE ID is uniqu…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
CVE Daily Lookup — auto-links CVE IDs on any page you visit. GitHub, Jira, Confluence & more. Free.
Chrome Firefox